<html>
<head><meta charset="utf-8"><title>Deserialization and unsafe fields · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Deserialization.20and.20unsafe.20fields.html">Deserialization and unsafe fields</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="226282173"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Deserialization%20and%20unsafe%20fields/near/226282173" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Deserialization.20and.20unsafe.20fields.html#226282173">(Feb 14 2021 at 02:54)</a>:</h4>
<p>It has been brought up in #black-magic in Rust Community Discord that Rust currently has no notion of an unsafe field. So it's trivial to put e.g. <code>#[derive(Deserialize)]</code> on a struct where some unsafe code depends on some invariants about the values being upheld.<br>
I wonder how many examples of that are there in the wild. <span class="user-mention" data-user-id="329529">@Yechan Bae</span> perhaps your <a href="http://crates.io">crates.io</a> scanner can be jury-rigged to detect that, perhaps with false positives for now, to get an idea of whether that's a real issue or not?</p>



<a name="226284496"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Deserialization%20and%20unsafe%20fields/near/226284496" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Deserialization.20and.20unsafe.20fields.html#226284496">(Feb 14 2021 at 04:07)</a>:</h4>
<p>Note that clippy actually has a lint for this, but it's <code>allow</code>ed by default <a href="https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_derive_deserialize">https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_derive_deserialize</a></p>



<a name="226288294"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Deserialization%20and%20unsafe%20fields/near/226288294" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Yechan Bae <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Deserialization.20and.20unsafe.20fields.html#226288294">(Feb 14 2021 at 06:12)</a>:</h4>
<p>I haven't seen such use of deserialize yet. However, I saw similar soundness errors related to Sync trait with <code>Clone</code> and <code>Debug</code> derivation. The provided implementation of those traits access <code>&amp;inner</code> from <code>&amp;self</code>, so <code>inner: Sync</code> trait bound should exist for <code>Self: Sync</code> implementation. However, it is easy to forget that trait bound when <code>Sync</code> is manually implemented.</p>



<a name="226289232"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Deserialization%20and%20unsafe%20fields/near/226289232" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Deserialization.20and.20unsafe.20fields.html#226289232">(Feb 14 2021 at 06:43)</a>:</h4>
<p>I've definitely seen Deserialize impls like this, I almost wrote one which is why I realized it was possible</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>